topic Re: Https Bypass Inspetion Application like microsoft store in Firewall and Security Management

Https Bypass Inspetion Application like microsoft store

Bac26 — Tue, 14 Feb 2023 16:42:45 GMT

Hello

what is best practice to bypass https inspection on application? like microsoft store?

Re: Https Bypass Inspetion Application like microsoft store

the_rock — Tue, 14 Feb 2023 17:35:17 GMT

This is example of what I always do and works 100% of the time.

Andy

Also, make sure below is checked, though Im pretty sure it is by default (legacy smart console)

Re: Https Bypass Inspetion Application like microsoft store

PhoneBoy — Tue, 14 Feb 2023 21:41:51 GMT

You can bypass any domain by creating a Custom Application/Site with the relevant domains similar to what @the_rock showed.
You can't bypass a specific application using one of our built-in definitions.

Re: Https Bypass Inspetion Application like microsoft store

Bac26 — Wed, 15 Feb 2023 07:16:00 GMT

ok but i wanted bypass "microsoft store" application what would be the best bay?

Re: Https Bypass Inspetion Application like microsoft store

Bac26 — Wed, 15 Feb 2023 07:57:37 GMT

you apply both or just one of the 2 option?

Re: Https Bypass Inspetion Application like microsoft store

Bac26 — Wed, 15 Feb 2023 08:04:02 GMT

sorry i mean why as i have checked "bypass https inspection..." microsoft store is not bypass by this one? and i need to add the rule?

Re: Https Bypass Inspetion Application like microsoft store

Bac26 — Wed, 15 Feb 2023 08:17:28 GMT

you get same alert when add in the way you suggest?

Re: Https Bypass Inspetion Application like microsoft store

Sorin_Gogean — Wed, 15 Feb 2023 10:42:24 GMT

Not sure why is that hard to look into documentation:

From Microsoft documents we get the needed URL's, so were you allowing those or?

Proxy configuration

If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs:

login.live.com
login.windows.net
account.live.com
clientconfig.passport.net
windowsphone.com
\*.wns.windows.com
\*.microsoft.com
\*.s-microsoft.com
www.msftncsi.com (prior to Windows 10, version 1607)
www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com starting with Windows 10, version 1607)

Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.

Re: Https Bypass Inspetion Application like microsoft store

the_rock — Wed, 15 Feb 2023 12:23:34 GMT

Hey @Bac26 ,

Apologies, I dont have smart console on my iphone (lol), as Im travelling, so cant get to my lab, but in a nutshell, just do what @Sorin_Gogean suggested. He is EXCELLENT...he helped me before with some queries I had for inspection, you can tell he knows this subject very well. I would say, also, just to be sure, you can also add updatable objects, simply search for anything windows or updates. I would say most of the time, but dont take my word for it, as I cant see it at the moment, usually its enough to only add USA servers, but its pretty self expanatory once you look it up.

Hope it helps.

Andy